Blog Posts Tagged with "Multifactor Authentication"
One-Third of Banking Account Takeover Attempts Successful
August 20, 2012 Added by:Robert Siciliano
While less money was ultimately siphoned from banks and customers than in past years, there are new attack strategies on the horizon, which may push these numbers up in 2012. Threats, defenses, and vulnerabilities continually emerge, so stay tuned as we track the shifts in our evolving security landscape...
Comments (0)
Is a Password Enough? A Closer Look at Authentication
August 16, 2012 Added by:Robert Siciliano
Yahoo and LinkedIn were recently breached and usernames and passwords were stolen. These sites did something wrong that allowed those passwords to get hacked. However passwords themselves are too hackable. If multi-factor authentication was used, then the hacks may be a moot point and the data useless...
Comments (0)
Leveraging Regular User Accounts to Achieve Compromise
July 31, 2012 Added by:Jake Garlie
One of the more common ways pentesters break in to networks is by leveraging regular user accounts which have been compromised. They can be used in various ways to compromise systems, data, applications, and more. Once valid user accounts are obtained, using them throughout the network rarely triggers any alarms...
Comments (0)
Operation High Roller Reveals Sophisticated Automated Attacks
July 02, 2012 Added by:Headlines
"With no human participation required, each attack moves quickly and scales neatly.This operation combines an insider level of understanding of banking transaction systems with both custom and off the shelf malicious code and appears to be worthy of the term 'organized crime,'" the report states...
Comments (0)
RSA: Claims of SecurID 800 Token Crack are Whack
June 27, 2012 Added by:Headlines
"RSA has received many inquiries, press pickups, blog entries, and tweets regarding an alleged crack by researchers of the RSA SecurID 800 authenticator... an alarming claim and should rightly concern customers who have deployed the RSA SecurID 800 authenticator. The only problem is that it’s not true..."
Comments (0)
Researchers Crack RSA SecurID Tokens, Extract Keys
June 25, 2012 Added by:Headlines
"[These products are] designed specifically to deal with the case where somebody gets physical access to it or takes control of a computer that has access to it... Here, if the malware is very smart, it can actually extract the keys out of the token.That's why it's dangerous"...
Comments (0)
Top Five Fundamentals of Network Security
June 14, 2012 Added by:Megan Berry
There are many factors that can bring down your networks and compromise data, including criminals, carelessness and disgruntled employees. The hardware, software, and policies that make up the layers of network security defend your company’s systems from these threats. What are the most common threats?
Comments (1)
How Does Your Bank Protect Your Data?
May 15, 2012 Added by:Robert Siciliano
Financial institutions have established a layered security approach that includes multi-factor authentication, as well as doing due diligence when it comes to identifying customers as real people whose identities haven’t been stolen...
Comments (0)
Consumer Banking Security Products and Services
May 10, 2012 Added by:Robert Siciliano
All the conveniences of digital banking have its set of risks which requires upgrades in card technologies and authentication. In response banks have provided numerous methods for protecting your personal information and also making your banking experience more secure...
Comments (1)
CISSP Reloaded - Domain Two: Access Controls
March 07, 2012 Added by:Javvad Malik
Understand who’s trying to get access and choose the control that will really protect you. Or rather, I should say, the control should protect you long enough for you to do something about it. Otherwise you might find yourself as the person holding a knife in a gunfight...
Comments (0)
Five FFIEC Compliance Tips For Banks
January 10, 2012 Added by:Robert Siciliano
“The guidance is an important reinforcement of several critical ideas: Fraud losses undermine faith in our financial system. Fraud tactics evolve constantly and the tools that combat them have to evolve as well. The guidance provides a perspective..."
Comments (0)
Usernames and Passwords Are Facilitating Fraud
September 30, 2011 Added by:Robert Siciliano
Here we are in 2011 and well over half a billion records have been breached. While not all of the compromised records were held by financial institutions or were accounts considered “high-risk”, many of those breached accounts have resulted in financial fraud or account takeover...
Comments (0)
The Benefits of Multifactor Authentication
August 02, 2011 Added by:Robert Siciliano
Specifically the FFIEC states: “Since virtually every authentication technique can be compromised, financial institutions should not rely solely on any single control for authorizing high risk transactions, but rather institute a system of layered security, as described herein...."
Comments (0)
Authentication: Who Are You and Why Are You Here?
July 29, 2011 Added by:Mike Meikle
You may have robust network security, stringent password policies and a tightly locked down user environment, but if you don’t know what you own, both data and hardware, it is akin to having a bank vault door standing alone in a field...
Comments (0)
What the CISSP Won't Teach You - Part Trois
July 05, 2011 Added by:Boris Sverdlik
A dedicated attacker will not scour pastebin to get your password, although “inurl: password” used to be a common attack vector. More common amongst the dedicated attacker is getting as much background information as possible as an attacker builds the dossier on their target...
Comments (0)
Does Multi-Factor Authentication Even Matter Anymore?
April 05, 2011 Added by:Rafal Los
Multi-factor authentication systems that use one-time passwords give the attacker a very small window within which to strike. They have that one session, and then they have to orchestrate the attack again, whereas with a password compromise you can keep attacking over and over...
Comments (10)
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox
- The Emperor Is Naked!
- Infographic: Keeping Web Applications Safe
- Do You Have a Vendor Security Check List? You Should!